China issues new regulations to tighten control on Internet forums and online comment threads

On August 25, 2017 the Cyberspace Administration of China (CAC) issued two new regulations related to Internet forums and online comment threads: the Administrative Provisions on Internet Forum Community Services (Internet Forum Provisions) and the Administrative Provisions on Online Comment Threads Services (Online Comment Threads Provisions) (collectively, the Provisions), which will take effect from October 1, 2017.The Provisions reflect the Chinese government’s aims of further implementing the China Cyber Security Law (Cyber Security Law), effective from June 1, 2017, and to enhance the security of online information as required under it. In this client update we highlight the key features of the Provisions and outline the implications for businesses.

Scope of application

The Provisions apply to the supply of Internet forum community services and online comment threads services within the territory of China. It is likely that businesses operating websites, mobile apps and other online platforms in China would fall within such scope of application and be regulated by the Provisions.

Regulators

The Provisions adhere to the principle of localisation administration under which CAC will be in charge of the administration of Internet forum community services and online comment threads services nationwide, and local cyberspace administrations will be responsible for the same in their respective administrative areas.

Real-name registration

Article 24 of the Cyber Security Law imposes a “real-name registration” requirement on network operators, meaning that network operators should require that users are to provide their real identity information when providing them services. If a user does not provide his/her real identity information, the network operator must not provide the services to such user.

The Provisions have incorporated the “real-name registration” requirement. Under the Provisions, service providers of Internet forum and community services and/or online comment threads services must verify the identity information of the users and are prohibited from providing services to the users whose identity information is not verified. This effectively means that only those who have their real names and identity information registered and verified will be able to comment and use other services on Chinese online forums and platforms.

Obligations of service providers

The Provisions also impose various other obligations on service providers. For example, service providers are required to:

1. establish a sound system for information censorship, real-time inspection, emergency response, complaint and report, and data privacy;
2. have safe and controllable measures to mitigate risks in relation to the security of online information;
3. have professionals suitable for the scale of service;
4. provide necessary information and technical support to the relevant authorities for inspection; and
5. dispose illegal information in a timely fashion and report it to the relevant authorities.

In addition, service providers are prohibited from seeking improper benefits by selectively issuing, referring, deleting or recommending online information or comment threads.

Security assessments on new products / applications / functions relating to online comment threads

The Online Comment Threads Provisions also provide for security assessments on new products, applications and functions relating to online comment threads offered in China. Generally, service providers are required to report to the cyberspace administrations at provincial level to conduct security assessments prior to the release of any new products, applications and functions relating to online comment threads. It is likely that such security assessments will follow the procedures of the cyber security review for network products and services provided for in the Measures on the Security Review of Network Products and Services (Trial) (effective from June 1, 2017). New products, applications and functions that fail the security assessments might not be permitted to be offered in the Chinese market.

Credit assessments and blacklists of users and service providers

Importantly, the Online Comment Threads Provisions require that service providers carry out credit assessments on users who post online comment threads and offer services to users based on the results of credit assessments. Users with low credit scores will be blacklisted and prevented from posting any online comment threads and registering new accounts. However, the Provisions do not provide for detailed procedures relating to credit assessments.

Similarly, the Online Comment Threads Provisions provide for credit assessments to be conducted by CAC and cyberspace administrations at provincial level on service providers on a regular basis. The authorities will also establish and maintain credit files and blacklists of service providers. The Online Comment Threads Provisions do not, however, provide further clarity on how the service providers which are blacklisted, or those with a low credit score, would be affected by such outcomes.

Legal liabilities

Service providers violating the Provisions will be penalised by the Chinese authorities in accordance with the Cyber Security Law and other applicable Chinese regulations, which may lead to various administrative penalties.

Moreover, CAC and the cyberspace administrations at provincial level are entitled to hold interviews with service providers, and to order them to take immediate rectification or risk mitigation measures where:

• significant risks relating to Internet forum services and/or online comment threads services are identified; or
• security incidents have occurred.

Implications for businesses

The promulgation of the Provisions demonstrates CAC’s intention to strengthen the security of online information, as required under Chapter 4 of the Cyber Security Law. The Provisions might have the effect of significantly increasing compliance burdens on service providers in China.

The release of the Provisions follows on from CAC’s announcement, dated August 11, 2017, of the launch of an investigation into three large Chinese social media platforms, accusing them of failing to perform their duties of preventing the spread of user-posted information harmful to national security, public safety and social order. Such investigation highlights the importance for service providers of taking necessary measures to supervise and manage online information in accordance with all requirements.

We therefore recommend that businesses providing Internet forum and community services /online comment threads services in China (for example, websites, mobile apps and other online platforms) take careful account of all the requirements of the Provisions (effective from October 1, 2017), review their current practices in the light of those requirements and take immediate action in order to ensure strict compliance with the Provisions and the Cyber Security Law.